Advisories:rPSA-2009-0035

From rPath Wiki

rPath Security Advisory 2009-0035-1

Published: 2009-03-02

Products

• rPath Appliance Platform Linux Service 1
• rPath Appliance Platform Linux Service 2
• rPath Linux 1
• rPath Linux 2

Rating

Critical

Exposure Level Classification

Remote System User Deterministic Unauthorized Access

Updated Versions

• php=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php5=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-cgi=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-imap=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-mcrypt=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-mysql=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-mysqli=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-pear=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-pgsql=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-soap=conary.rpath.com@rpl:1/5.2.8-1-1
• php5-xsl=conary.rpath.com@rpl:1/5.2.8-1-1
• php-cgi=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php-imap=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php-mcrypt=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php-mysql=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php-mysqli=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php-pgsql=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php-soap=conary.rpath.com@rpl:2/5.2.8-0.1-1
• php-xsl=conary.rpath.com@rpl:2/5.2.8-0.1-1

rPath Issue Tracking System

• RPL-2963

References

• CVE-2008-5557
• CVE-2008-5624
• CVE-2008-5658
• CVE-2008-5625
• CVE-2008-3658
• CVE-2008-3659
• CVE-2008-2665
• CVE-2008-2666
• CVE-2008-3660
• CVE-2008-2829

Description

Previous versions of the php version 5 packages contain multiple

vulnerabilities, the most serious of which may allow a remote

attacker to execute arbitrary code.

In its default configuration, rPath Linux 1 does not install php

version 5 and is thus not vulnerable to these attacks; however,

systems to which php version 5 has been added may be vulnerable.

Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html